
Switching Unauthenticated Users to Authenticated Users

Open RandomEngy opened this issue 5 years ago • 0 comments

I'm trying to set my app up to allow unauthenticated users to access an AppSync API, as mentioned in this documentation.

I've got:

  • A user pool. This is set up for Google auth/regular Cognito auth
  • An identity pool
    • This is linked to the user pool via a Cognito identity provider.
    • The authenticated/unauthenticated roles have a policy attached to them that gives them access to the GraphQL API
  • An AppSync API set up with AWS_IAM auth

I create the AppSync client like this:

appSyncClient = AWSAppSyncClient.builder()
    .context(applicationContext)
    .awsConfiguration(awsConfiguration)
    .credentialsProvider(AWSMobileClient.getInstance())
    .build()

This works fine and the identity pool creates an identity for me, and I can interact with the API. The trouble comes when I log in:

val hostedUIOptions: HostedUIOptions = HostedUIOptions.builder()
    .scopes("openid", "email", "aws.cognito.signin.user.admin")
    .build()
val signInUIOptions: SignInUIOptions = SignInUIOptions.builder()
    .hostedUIOptions(hostedUIOptions)
    .build()

runOnUiThread {
    mobileClient.showSignIn(
        mainActivity,
        signInUIOptions,
        object : Callback<UserStateDetails?> {
            override fun onResult(result: UserStateDetails?) {
                Log.i("AwsAuthSignIn", "onResult: " + result?.userState)
            }

            override fun onError(e: Exception?) {
                // `result` is not in scope here; log the exception instead
                Log.e("AwsAuthSignIn", "onError", e)
            }

        }
    )
}

After that I see that it's created a new identity associated with the sign-in, rather than using the old one. Does the user pool not work with this scenario? I see there is an option to use the Google+ authentication provider directly on the identity pool, but I don't see how that would work with the Hosted UI I'm using.

Here's my awsconfiguration.json:

{
    "UserAgent": "aws-amplify-cli/0.1.0",
    "Version": "0.1.0",
    "IdentityManager": {
        "Default": {}
    },
    "AppSync": {
        "Default": {
            "ApiUrl": "https://kd2kioqee5bd5mzuyb2ifpamti.appsync-api.us-east-2.amazonaws.com/graphql",
            "Region": "us-east-2",
            "AuthMode": "AWS_IAM"
        }
    },
    "CredentialsProvider": {
        "CognitoIdentity": {
            "Default": {
                "PoolId": "us-east-2:ab25f659-0cf5-42ff-a797-2183b3f6b4b2",
                "Region": "us-east-2"
            }
        }
    },
    "CognitoUserPool": {
        "Default": {
            "PoolId": "us-east-2_HkIWVBD85",
            "AppClientId": "[snip]",
            "AppClientSecret": "[snip]",
            "Region": "us-east-2"
        }
    },
    "Auth": {
        "Default": {
            "OAuth": {
                "WebDomain": "myapp-amplify-prod.auth.us-east-2.amazoncognito.com",
                "AppClientId": "[snip]",
                "AppClientSecret": "[snip]",
                "SignInRedirectURI": "myapp://signin/",
                "SignOutRedirectURI": "myapp://signout/",
                "Scopes": [
                    "phone",
                    "email",
                    "openid",
                    "profile",
                    "aws.cognito.signin.user.admin"
                ]
            },
            "authenticationFlowType": "USER_SRP_AUTH"
        }
    }
}

Which AWS Services are you utilizing? AppSync

Environment:

  • SDK Version: 2.16.12

Device Information (please complete the following information):

  • Device: Nexus 6
  • Android Version: Nougat 7.1.1
  • Specific to simulators: No

RandomEngy, May 22 '20 20:05
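One way to confirm whether the identity pool reused the guest identity after Hosted UI sign-in is to record the identity ID while the app is still a guest and compare it once the user state becomes SIGNED_IN. This is an added diagnostic, not code from the issue or the SDK; it assumes `AWSMobileClient` has already been initialized as in the issue's setup and that the `IdentityTracker` object and `TAG` are hypothetical names.

```kotlin
// Added diagnostic (not from the issue): caches the Cognito identity ID issued to the
// guest session, then compares it with the ID available after sign-in completes.
// Assumes AWSMobileClient.getInstance() is initialized before either call.
import android.util.Log
import com.amazonaws.mobile.client.AWSMobileClient
import com.amazonaws.mobile.client.UserState
import com.amazonaws.mobile.client.UserStateListener

object IdentityTracker {
    private const val TAG = "IdentityTracker"
    @Volatile private var guestIdentityId: String? = null

    // Call once while still unauthenticated (UserState.GUEST). getIdentityId() may
    // call the identity pool, so invoke this off the main thread.
    fun rememberGuestIdentity() {
        val client = AWSMobileClient.getInstance()
        if (client.currentUserState().userState == UserState.GUEST) {
            guestIdentityId = client.identityId
            Log.i(TAG, "guest identity: $guestIdentityId")
        }
    }

    // Registers a listener that fires when the user state changes, independently of
    // the Callback passed to showSignIn. Logs whether the identity ID changed.
    fun watchForIdentitySwitch() {
        AWSMobileClient.getInstance().addUserStateListener(UserStateListener { details ->
            if (details.userState == UserState.SIGNED_IN) {
                val authenticatedId = AWSMobileClient.getInstance().identityId
                val switched = guestIdentityId != null && guestIdentityId != authenticatedId
                Log.i(TAG, "authenticated identity: $authenticatedId (switched=$switched)")
            }
        })
    }
}
```

Call `rememberGuestIdentity()` before showing the sign-in UI and `watchForIdentitySwitch()` once at startup; a `switched=true` line in Logcat confirms the symptom described above rather than a client-side caching artifact.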